Ubuntu – Forceably set permissions when running rsync

backupcommand linepermissionsrsyncserver

Currently I am backing up gigabytes and gigabytes of data from a live server to a backup server using an rsync/ssh combination script, allowing for automated operation every night with a cron job.

The problem I am having is with permissions.

Running rsync with -a mode copies over the user:group and filemode, which are currently 54122:games and -rwx–S—.

In order to be able to execute the files on the backup server (don't ask me why the employer requires this), I've had to run a time- and cpu-costly (because of the sheer amount of data transferred) chown() and chmod() setting every file/folder to www-data:www-data and permissions of 755.

Is there anyway I can setup rsync to forcibly set each file/folder to www-data:www-data and 755 or am I looking at this problem from the wrong angle?

I guess I could run -rltD instead of -a (which is equivalent to -rlptgoD) but then what happens to new files? What permissions and owner:group settings do they receive?

Best Answer

Amongst many other options rsync can change permission by running it with the option:

rsync [options] --chmod=CHMOD source destination

where you can also combine option --archive with the option --no-owner or --no-perms to exclude preservation of owner resp. permissions. For further options on very subtle settings for CHMOD see the manpage for rsync.

Related Solutions

Ubuntu – Default file permissions for php user www-data

You could use ACL. To set up ACL for Ubuntu 10.10, first mount the file systems with the acl option in /etc/fstab.

sudo vim /etc/fstab

UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / ext4 defaults,acl 0 1

sudo mount -o remount,acl /

Then make a group to which a user may belong for this purpose.

sudo groupadd developers
sudo usermod -a -G developers $username

The user needs to log out and in again to become a member of the developers group.

Of course, do not do this if you have content in the /var/www directory that you want, but just to illustrate setting it up to start:

sudo rm -rf /var/www
sudo mkdir -p /var/www/public
sudo chown -R root.developers /var/www/public
sudo chmod 0775 /var/www/public
sudo chmod g+s /var/www/public
sudo setfacl -d -m u::rwx,g::rwx,o::r-x /var/www/public

Then replace references to "/var/www" with "/var/www/public" in a config file and reload.

sudo vim /etc/apache2/sites-enabled/000-default
sudo /etc/init.d/apache2 reload

If we wanted to restrict delete and rename from all but the user who created the file:

sudo chmod +t /var/www/public

This way, if we want to create directories for frameworks that exist outside the Apache document root or maybe create server-writable directories, it's still easy.

Apache-writable logs directory:

sudo mkdir /var/www/logs
sudo chgrp www-data /var/www/logs
sudo chmod 0770 /var/www/logs

Apache-readable library directory:

sudo mkdir /var/www/lib
sudo chgrp www-data /var/www/lib
sudo chmod 0750 /var/www/lib

Best Answer

Related Solutions

Ubuntu – Default file permissions for php user www-data

Related Question